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REMARKS 

Claims 3, 9 t 10, 14 and 15 are objected to as being dependent on a 
rejected base claim but are allowable if rewritten in independent form including all 
of the limitations of the base claim and any intervening claims. 

Claims 10 and IS are placed in independent form including all of the 
limitations of the base claim and any intervening claims. Consequently these claims 
are deemed to be in allowable condition. 

Claims 1-4, 6-9, 11-13, 16 and 17 are amended to correct formality 
errors and to more clearly define the invention. 

Dependent claims 18 and 19 are added. 

The claims have been amended to more clearly define that the claimed 
system processes -involves "generating an encryption key" used in "encrypting 
personal record parameters conveyed in URL data** and other features. Support for 
this and the other amendments is found in the existing claims (specifically claim 12) 
and in the Application description in connection with Figure 2 on pages 11-13 and 
other places. The added claims recite the method claims may be embodied in a 
tangible storage medium such as in an application on a disk etc. 

/. Objection to claims. 

Claim 9 is objected as indicating the preamble indicates it is a dependent 
claim but the number of the patent claim is missing. 

Claim 9 is amended to be dependent on claim 8. Consequently this 
ground of objection is no longer deemed to apply and its withdrawal is respectfully 
requested. 

//. Rejection of claims 8 and 13 under 35 USC J 72. 

Claims 8 and 13 are rejected under 35 USC 112 second paragraph as 
being indefinite for failing to particularly point out and distinctly claim the subject 
matter* Specifically, claims 8 and 13 are rejected as containing the term "substantially 
randomly generating" and as hence being unclear. 
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Claims 8 and 13 are amended to delete the term "substantially". 
Consequently this ground of rejection is no longer deemed to apply and its withdrawal 
is respectfully requested. 

77/. Rejection under 35 U.S.C. 102(b) 

Claims L 2, 4-7, ll t 12, 16 and 17 are rejected under 35 ILS.C. 102(b) 
as being anticipated by U.S. Patent 6,115,040 - Bladow et ah These claims, as 
amended, are deemed to be patentable for the reasons given below. 

Amended claim 1 recites a system "employed by a first application for 
supporting concurrent operation of a plurality of network compatible applications" 
and including "an entitlement processor for authorizing user access to said first 
application in response to validation of user identification information; and a 
communication processor for initiating generation of, a session identifier particular to 
a user initiated session and for use by a plurality of concurrently operating 
applications to uniquely identify said user initiated session and an encryption key for 
use by said first application in encrypting personal record parameters conveyed in 
URL data, in response to validation of user identification information". These features 
are not shown (or suggested) in Bladow. 

The system of claim 1 involves initiating generation of an "encryption 
key for use by said first application in encrypting personal record parameters 
conveyed in URL data". This feature in combination with the other features of the 
claim 1 arrangement address the deficiencies of known electronic systems for 
transferring confidential patient medical data (e.g., patient identifiers or medical 
parameters) within a hospital whilst avoiding data corruption and unauthorized data 
access. "Applications are vulnerable to the corruption of URL data and the context 
information conveyed within the URL data* The URL data conveyed from application 
200 to application 230 includes context information comprising a session identifier 
and optionally a user or patient identifier. This URL data is potentially vulnerable to 
corruption to cause URL replay or redirection of an application to a substitute address 
or to gain access to application functions and parameters for unauthorized purposes. 
In order to protect against such corruption and to ensure that the entity being accessed 
is the one originally targeted, portions of the URL data conveyed between 
applications are advantageously encrypted" (Application page 11 lines 2-10). 
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The arrangement of claim I supports "concurrent operation of a 
plurality of network compatible applications" involving processing confidential data 
such as patient medical data, for example. The system does this through "initiating 
generation of, a session identifier particular to a user initiated session and for use by a 
plurality of concurrently operating applications to uniquely identify said user initiated 
session". The system further generates **an encryption key for use by said first 
application in encrypting personal record parameters conveyed in URL data, in 
response to validation of user identification information'*. In contrast, the system of 
Bladow **is directed to an integrated graphical user interface system for enabling a 
user to interact with one or more application services provided by remote servers. The 
present invention utilizes the Web paradigm to allow easy and convenient access 
firom the user's perspective" (Bladow column line 66 to column 3 line 3). Bladow 
further states "In the preferred embodiment of the invention, the system employs SSL 
encryption so that communications in both directions between the subscriber and the 
networkMCI Interact system are secure" (Bladow column 10 lines 38-41). 

In "operation, each of the Secure servers 24 function to decrypt the 
client message, preferably via the SSL implementation, and unwrap the session key 
and verify the users session from the COUser object authenticated at Logon" (Bladow 
column 7 lines 37-45). Consequently, the Bladow system uses known SSL encryption 
and decryption techniques to encrypt and decrypt entire client messages to provide 
security, Bladow does not show or suggest initiating generation of an "encryption key 
for use by said first application in encrypting personal record parameters conveyed in 
URL data". Bladow nowhere contemplates or suggests encryption of particular 
parameters in "URL data" fields. The Bladow SSL encryption is used for entire 
messages and NOT URLs and NOT particular parameters within a URL. Further, 
although Bladow mentions security (Bladow column 9 line 65 to column 10 line 19), 
Bladow fails to address the particular problem recognized in the application and 
addressed by the claimed arrangement. Specifically, Bladow nowhere recognizes the 
problem of "corruption of URL data and the context information conveyed within the 
URL data. The URL data conveyed from application 200 to application 230 includes 
context information comprising a session identifier and optionally a user or patient 
identifier. This URL data is potentially vulnerable to corruption to cause URL replay 
or redirection of an application to a substitute address or to gain access to application 
functions and parameters for unauthorized purposes" (Application page 11 lines 2- 
10). This problem has particular relevance in Hospitals for example where 
confidential patient information needs to be communicated. 
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Bladow also does NOT suggest "a communication processor for 
initiating generation of, a session identifier particular to a user initiated session and 
for use by a plurality of concurrently operating applications to uniquely identify said 
user initiated session" in conjunction with initiating generation of "an encryption key 
for use by said first application in encrypting personal record parameters conveyed in 
URL data, in response to validation of user identification information" This 
combination of features supports secure transfer of patient confidential information in 
URLs between "concurrently operating applications". Bladow does not contemplate 
(or provide any 35 USC 112 compliant) description of initiating generation of "an 
encryption key for use by said first application in encrypting personal record 
parameters conveyed in URL data" to support "concurrently operating applications". 
Consequently, withdrawal of the rejection of amended claim 1 under 35 USC 102(b) 
is respectfully requested. 

Amended dependent claim 2 is considered to be patentable based on its 
dependence on claim 1, Claim 2 is also considered to be patentable because Bladow 
does not show (or suggest) "encrypting personal record parameters conveyed in URL 
data" in which "said personal record parameters are associated with a patient medical 
record and said encryption key is particular to said user initiated session". Bladow 
does not contemplate (or provide any 35 USC 112 compliant) description of initiating 
generation of "an encryption key for use by said first application in encrypting 
personal record parameters conveyed in URL data" to support "concurrently 
operating applications". 

Amended dependent claim 4 is considered to be patentable based on its 
dependence on claim 1. Claim 4 is also considered to be patentable because Bladow 
does not show (or suggest) the "communication processor also communicates 
additional parameters to a managing application for storage, said additional 
parameters including one or more of t (a) an authentication service identifier, (b) a 
language identifier, (c) a URL to direct a browser to a starting application upon 
termination of a session, (d) a URL for use in acquiring a web page providing a logon 
menu to support user initiation of another session, (e) a URL to.be contacted upon a 
predetermined event and (f) an identification of a type of said predetermined event". 
Bladow does not suggest such a feature combination 

Dependent claim 5 is considered to be patentable based on its 
dependence on claim 1. Claim 5 is also considered to be patentable because Bladow 
does not" show (or suggest) "an input processor for receiving said session identifier 
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and an associated encryption key from said managing application". Bladow does not 
suggest such a feature combination. 

Amended dependent claim 6 is considered to be patentable based on its 
dependence on claim 1. Claim 6 is also considered to be patentable because Bladow 
does not show (or suggest) "an encryption processor for use in encrypting medical 
data associated with a patient medical record**. Bladow does not contemplate or 
mention medical data processing at all. 

Amended independent claim 7 recites a "system employed by a 
managing application for supporting concurrent operation of a plurality of network 
compatible applications, comprising: an input processor for receiving from a first 
application a session initiation request to initiate generation of a session identifier, a 
session identifier generator for generating a session identifier particular to a user 
initiated session and for use by a plurality of concurrently operating applications to 
uniquely identify said user initiated session; an encryption key generator for 
generating an encryption key for use by said first application in encrypting personal 
record parameters conveyed in URL data and a communication processor for, 
communicating said session identifier to said first application and communicating 
said session identifier to another application of said plurality of concurrently 
operating applications in response to a request to receive said generated session 
identifier'*. Amended claim 7 is considered to be patentable for the reasons given in 
connection with claim 1. Claim 7 is also considered to be patentable because Bladow 
does not show (or suggest) a feature combination as in claim 7 including 
"communicating said session identifier to another application of said plurality of 
concurrently operating applications in response to a request to receive said generated 
session identifier**. Bladow does not show such a request communication in 
combination with the other features of claim 7. Bladow also does not show such 
features in combination with "a session identifier generator for generating a session 
identifier particular to a user initiated session and for use by a plurality of 
concurrently operating applications to uniquely identify said user initiated session". 

Amended independent claim 11 recites a "system supporting 
concurrent operation of a plurality of Internet compatible applications** involving a 
"browser application providing a user interface display permitting user entry of 
identification information and commands for a plurality of Internet compatible 
applications and for providing user identification information to a first application for 
validation; and a managing application for generating, a session identifier particular to 
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a user initiated session and an encryption key for use by said first application in 
encrypting personal record parameters conveyed in URL data, in response to receiving 
a session initiation request from a first application and for communicating said 
session identifier to said first application" Amended claim 11 is considered to be 
patentable for the reasons given in connection with claim 1. Claim 11 is also 
considered to be patentable because Bladow docs not show (or suggest) a feature 
combination as in claim 11 including a "first application for ... encrypting personal 
record parameters conveyed in URL data, in response to receiving a session initiation 
request from a first application and for communicating said session identifier to said 
first application", Bladow also does not show or suggest such a feature in 
combination with a "browser application". 

Amended dependent claim 12 is considered to be patentable based on 
its dependence on claim 11. Claim 12 is also considered to be patentable because 
Bladow does not show (or suggest) "said encryption key is also to be used in 
encrypting and decrypting a session identifier conveyed in URL data". Bladow does 
not contemplate or mention encrypting a URL or data fields within a URL at all. 

Amended independent method claim 16 mirrors apparatus claim 1 and 
is considered to be patentable for similar reasons. 

Amended independent method claim 17 is considered to be patentable 
for similar reasons to those given in connection with apparatus claim 7. 

Claims 9 and 14 are considered to be patentable for reasons given in 
connection with their amended base claims 7 and 11 respectively. Consequendy* 
withdrawal of the rejection of claims 1, 2, 4-7, 9, 11, 12, 14, 16 and 17 under 35 USC 
102(b) is respectfully requested. 

///. Rejection under 35 C/.S.C 103(a) 

Claims 8 and 13 are rejected under 35 U,S*C 103(a) as being 
unpatentable over U.S. Patent 6 t U5 t 040 - Bladow et al. and Official Notice. These 
claims, as amended, are considered patentable for reasons given in connection with 
claim 1 and for the following reasons* 

Amended claim 8 recites a system in which "said encryption key 
generator randomly generates an encryption key particular to said user initiated 
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session, in response to said session initiation request". These features are not shown 
or suggested in Bladow and Official Notice. 

The system of amended claim 8 includes "a session identifier generator 
for generating a session identifier particular to a user initiated session and for use by a 
plurality of concurrently operating applications to uniquely identify said user initiated 
session" and an "encryption key generator for generating an encryption key for use by 
said first application in encrypting personal record parameters conveyed in URL 
data". The "encryption key generator randomly generates an encryption key particular 
to said user initiated session, in response to said session initiation request". Bladow 
with Official Notice fails to suggest such features. As previously explained Bladow 
nowhere contemplates encryption of a URL or a data field within a URL. 

The Rejection takes Official Notice that "the use of a randomly 
generated key in session establishment protocols is a step that is old and well known 
in the art" (Rejection page 6). It is acceptable -for official notice to be taken of a fact 
of "wide notoriety", In re Howard, 394 F. 2d 869, 157 USPQ 615, 616 (CCPA 
1968) e,g« a fact commonly known to laymen everywhere, 29 AM Jur 2D Evidence 
S. 33 (1994) or of a fact that is capable of "instant and unquestionable 
demonstration", In re Ahlert 424 R 2d 1088, 1091, 165 USPQ 418, 420 (CCPA 
1970). However, official notice should not be taken of a fact normally subject to the 
possibility of rational disagreement among reasonable men, In re Eynde, 480 F. 2d 
1364, 1370; 178 USPQ 470, 474 (CCPA 1973). It is submitted that the elements of 
which the Rejection takes official notice, in the context of their respective claims, 
are neither features of "wide notoriety 1 *, (In re Howard), nor capable of "instant and 
unquestionable demonstration" (In re Ahlert). On the contrary, these features are 
subject to the possibility of rational disagreement given the claim arrangements 
within which they reside. Consequently, Applicants take exception to the instances 
of Official notice used in the rejection with regard to claims 8 and 13, Further, 
Applicants request that a showing be made of evidence that these features were well 
known, in the context of their respective claims at the time the invention was made. 
Consequently withdrawal of the Rejection of claim 8 under 35 USC 103(a) is 
respectfully requested* 

Dependent claim 13 is considered to be patentable for similar reasons 
as to those given in connection with claim 8. 
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Objected to dependent claims 3, 9 and 14 aire considered to be 
patentable for reasons given in connection with their base claims. Consequently 
withdrawal of the Rejection of (or objection to) claims 1-17 is respectfully requested. 

Added dependent claims 18 and 19 are deemed to be patentable for 
reasons given in connection with their base claims. 

In view of the above amendments and remarks, Applicants submit that 
the Application is in condition for allowance, and favorable reconsideration is 
requested. 



Respectfully submitted, 
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